CVE List - 2025 / May
Showing 2401 - 2500 of 3984 CVEs for May 2025 (Page 25 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-4756 | 2025-05-16 | D-Link DI-7003GV2 restart.asp denial of service |
| CVE-2025-4757 | 2025-05-16 | PHPGurukul Beauty Parlour Management System forgot-password.php sql injection |
| CVE-2025-4758 | 2025-05-16 | PHPGurukul Beauty Parlour Management System contact.php sql injection |
| CVE-2025-4761 | 2025-05-16 | PHPGurukul Complaint Management System admin-profile.php sql injection |
| CVE-2025-1975 | 2025-05-16 | Improper Validation of Array Index in ollama/ollama |
| CVE-2025-4765 | 2025-05-16 | PHPGurukul Zoo Management System contactus.php sql injection |
| CVE-2025-4679 | 2025-05-16 | A vulnerability in Synology Active Backup for Microsoft 365 allows... |
| CVE-2025-4766 | 2025-05-16 | PHPGurukul Zoo Management System profile.php sql injection |
| CVE-2025-4767 | 2025-05-16 | defog-ai introspect Test Endpoint integration_routes.py test_custom_tool code injection |
| CVE-2025-4768 | 2025-05-16 | feng_ha_ha/megagao ssm-erp/production_ssm PictureServiceImpl.java uploadPicture unrestricted upload |
| CVE-2025-4769 | 2025-05-16 | CBEWIN Anytxt Searcher ATService.exe uncontrolled search path |
| CVE-2025-4770 | 2025-05-16 | PHPGurukul Park Ticketing Management System view-normal-ticket.php sql injection |
| CVE-2025-40630 | 2025-05-16 | Open redirection vulnerability in IceWarp Mail Server |
| CVE-2025-40631 | 2025-05-16 | HTTP host header injection vulnerability in IceWarp Mail Server |
| CVE-2025-40632 | 2025-05-16 | Cross-site scripting (XSS) vulnerability in IceWarp Mail Server |
| CVE-2025-4771 | 2025-05-16 | PHPGurukul Online Course Registration course.php sql injection |
| CVE-2025-4772 | 2025-05-16 | PHPGurukul Online Course Registration department.php sql injection |
| CVE-2025-2305 | 2025-05-16 | Local file inclusion vulnerability in LIVE CONTRACT |
| CVE-2025-2306 | 2025-05-16 | Improper Access Control vulnerability in LIVE CONTRACT |
| CVE-2025-4773 | 2025-05-16 | PHPGurukul Online Course Registration level.php sql injection |
| CVE-2025-40629 | 2025-05-16 | Path Traversal vulnerability in PNETLab |
| CVE-2025-4777 | 2025-05-16 | PHPGurukul Park Ticketing Management System view-foreigner-ticket.php sql injection |
| CVE-2025-37890 | 2025-05-16 | net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc |
| CVE-2025-40907 | 2025-05-16 | FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library |
| CVE-2025-4211 | 2025-05-16 | Improper Link Resolution Before File Access in QFileSystemEngine on Windows |
| CVE-2025-4778 | 2025-05-16 | PHPGurukul Park Ticketing Management System normal-search.php sql injection |
| CVE-2025-4600 | 2025-05-16 | HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation |
| CVE-2025-32962 | 2025-05-16 | Flask-AppBuilder open redirect vulnerability using HTTP host injection |
| CVE-2025-4780 | 2025-05-16 | PHPGurukul Park Ticketing Management System foreigner-search.php sql injection |
| CVE-2025-47790 | 2025-05-16 | Nextcloud Server doesn't request second factor after session timeout |
| CVE-2025-47791 | 2025-05-16 | Nextcloud Server's test remote endpoint is not rate limited |
| CVE-2025-47792 | 2025-05-16 | Nextcloud Desktop 3rdparty applications can create share links via socket API |
| CVE-2025-4478 | 2025-05-16 | Gnome-remote-desktop: freerdp: unauthenticated rdp packet causes segfault in freerdp leading to denial of service |
| CVE-2025-4781 | 2025-05-16 | PHPGurukul Park Ticketing Management System forgot-password.php sql injection |
| CVE-2025-4782 | 2025-05-16 | SourceCodester/oretnom23 Stock Management System view_receiving sql injection |
| CVE-2025-47793 | 2025-05-16 | Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file |
| CVE-2025-47794 | 2025-05-16 | Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission |
| CVE-2025-4785 | 2025-05-16 | PHPGurukul Daily Expense Tracker System user-profile.php sql injection |
| CVE-2025-40906 | 2025-05-16 | BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities |
| CVE-2025-4786 | 2025-05-16 | SourceCodester/oretnom23 Stock Management System view_return sql injection |
| CVE-2025-48079 | 2025-05-16 | WordPress ProfileGrid <= 5.9.5.1 - Broken Access Control Vulnerability |
| CVE-2025-48080 | 2025-05-16 | WordPress Uncanny Toolkit for LearnDash <= 3.7.0.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48112 | 2025-05-16 | WordPress Dot html,php,xml etc pages plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48113 | 2025-05-16 | WordPress Broadstreet <= 1.51.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48114 | 2025-05-16 | WordPress ShayanWeb Admin FontChanger plugin <= 1.8.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48115 | 2025-05-16 | WordPress ValidateCertify <= 1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48116 | 2025-05-16 | WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability |
| CVE-2025-48117 | 2025-05-16 | WordPress WooCommerce POS <= 1.7.8 - Broken Access Control Vulnerability |
| CVE-2025-48119 | 2025-05-16 | WordPress RS WP Book Showcase plugin <= 6.7.41 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-48120 | 2025-05-16 | WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-48121 | 2025-05-16 | WordPress WP Notes Widget <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48127 | 2025-05-16 | WordPress Push notification for Mobile and Web app <= 2.0.3 - Broken Access Control Vulnerability |
| CVE-2025-48128 | 2025-05-16 | WordPress Sharespine Woocommerce Connector <= 4.7.55 - Broken Access Control Vulnerability |
| CVE-2025-48131 | 2025-05-16 | WordPress UltraAddons Elementor Lite <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48132 | 2025-05-16 | WordPress X Addons for Elementor <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48134 | 2025-05-16 | WordPress WP Tabs <= 2.2.11 - PHP Object Injection Vulnerability |
| CVE-2025-48135 | 2025-05-16 | WordPress Aptivada for WP <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48136 | 2025-05-16 | WordPress Mortgage Calculator Estatik <= 2.0.12 - Local File Inclusion Vulnerability |
| CVE-2025-48137 | 2025-05-16 | WordPress Interview <= 1.01 - SQL Injection Vulnerability |
| CVE-2025-48138 | 2025-05-16 | WordPress BERTHA AI <= 1.12.11 - Broken Access Control Vulnerability |
| CVE-2025-48144 | 2025-05-16 | WordPress Import Export For WooCommerce plugin <= 1.6.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-48146 | 2025-05-16 | WordPress SEO Flow by LupsOnline plugin <= 2.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-47693 | 2025-05-16 | WordPress Fat Services Booking plugin <= 5.5 - Local File Inclusion vulnerability |
| CVE-2025-47567 | 2025-05-16 | WordPress Video Player & FullScreen Video Background plugin <= 2.4.1 - SQL Injection vulnerability |
| CVE-2025-47564 | 2025-05-16 | WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability |
| CVE-2025-47563 | 2025-05-16 | WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-47562 | 2025-05-16 | WordPress MapSVG <= 8.5.34 - Content Injection Vulnerability |
| CVE-2025-47560 | 2025-05-16 | WordPress MapSVG plugin <= 8.5.32 - Broken Access Control Vulnerability |
| CVE-2025-47557 | 2025-05-16 | WordPress MapSVG plugin <= 8.5.31 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47556 | 2025-05-16 | WordPress CSS3 Compare Pricing Tables for WordPress <= 11.5 - Broken Access Control Vulnerability |
| CVE-2025-47534 | 2025-05-16 | WordPress Wordpress Auto Spinner <= 3.25.0 - Broken Access Control Vulnerability |
| CVE-2025-46464 | 2025-05-16 | WordPress Ads Pro plugin <= 4.88 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39537 | 2025-05-16 | WordPress WP JobHunt <= 7.1 - Insecure Direct Object References (IDOR) Vulnerability |
| CVE-2025-39511 | 2025-05-16 | WordPress Pinterest Automatic Pin <= 4.18.2 - Broken Access Control Vulnerability |
| CVE-2025-39509 | 2025-05-16 | WordPress TNC FlipBook plugin <= 12.1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39507 | 2025-05-16 | WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability |
| CVE-2025-39493 | 2025-05-16 | WordPress Rankie <= 1.8.0 - Broken Access Control Vulnerability |
| CVE-2025-39492 | 2025-05-16 | WordPress WHMpress plugin <= 6.2-revision-9 - Local File Inclusion vulnerability |
| CVE-2025-39491 | 2025-05-16 | WordPress WHMpress plugin <= 6.2-revision-9 - Local File Inclusion vulnerability |
| CVE-2025-39482 | 2025-05-16 | WordPress Eventer - WordPress Event & Booking Manager Plugin plugin <= 3.9.6 - Broken Access Control vulnerability |
| CVE-2025-39481 | 2025-05-16 | WordPress Eventer - WordPress Event & Booking Manager Plugin plugin <= 3.9.6 - SQL Injection vulnerability |
| CVE-2025-32643 | 2025-05-16 | WordPress WPGYM Plugin <= 65.0 - SQL Injection vulnerability |
| CVE-2025-32310 | 2025-05-16 | WordPress QuickCal plugin <= 1.0.13 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-32307 | 2025-05-16 | WordPress Chameleon HTML5 Audio Player With/Without Playlist <= 3.5.6 - SQL Injection Vulnerability |
| CVE-2025-32306 | 2025-05-16 | WordPress Radio Player Shoutcast & Icecast WordPress Plugin <= 4.4.6 - SQL Injection Vulnerability |
| CVE-2025-32301 | 2025-05-16 | WordPress CountDown Pro WP Plugin <= 2.7 - SQL Injection Vulnerability |
| CVE-2025-32299 | 2025-05-16 | WordPress QuickCal <= 1.0.15 - Sensitive Data Exposure Vulnerability |
| CVE-2025-32296 | 2025-05-16 | WordPress Simple Link Directory Pro plugin <= 14.7.3 - Broken Access Control Vulnerability |
| CVE-2025-32295 | 2025-05-16 | WordPress Salon Booking Wordpress plugin <= 10.10.2 - Broken Access Control vulnerability |
| CVE-2025-32290 | 2025-05-16 | WordPress Sticky HTML5 Music Player <= 3.1.6 - SQL Injection Vulnerability |
| CVE-2025-32287 | 2025-05-16 | WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.7 - SQL Injection Vulnerability |
| CVE-2025-32245 | 2025-05-16 | WordPress Apollo <= 3.6.3 - SQL Injection Vulnerability |
| CVE-2025-32180 | 2025-05-16 | WordPress CSS3 Tooltips for WordPress <= 1.8 - Broken Access Control Vulnerability |
| CVE-2025-31928 | 2025-05-16 | WordPress Multimedia Responsive Carousel with Image Video Audio Support <= 2.6.0 - SQL Injection Vulnerability |
| CVE-2025-31926 | 2025-05-16 | WordPress Sticky Radio Player <= 3.4 - SQL Injection Vulnerability |
| CVE-2025-31923 | 2025-05-16 | WordPress CSS3 Accordions for WordPress <= 3.0 - Broken Access Control Vulnerability |
| CVE-2025-31922 | 2025-05-16 | WordPress CSS3 Accordions for WordPress plugin <= 3.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31921 | 2025-05-16 | WordPress WP Ultimate Tours Builder <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31915 | 2025-05-16 | WordPress Pixel WordPress Form BuilderPlugin & Autoresponder <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31641 | 2025-05-16 | WordPress UberSlider <= 2.3 - SQL Injection Vulnerability |